CVE-2018-10099

MEDIUM

Google Monorail < 2018-04-04 - Cross-Site Request Forgery via CSV Download

Title source: llm
STIX 2.1

Description

Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports.

Scores

CVSS v3 5.3
EPSS 0.0034
EPSS Percentile 26.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-352
Status published
Products (1)
google/monorail < 2018-04-04
Published Nov 20, 2018
Tracked Since Feb 18, 2026